bugzilla-daemon at netfilter.org
2017-Aug-26 12:11 UTC
[Bug 1180] New: Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
Bug ID: 1180
Summary: Can't create a set with both timeout and interval
flags at the same time
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: flnf at prout.be
root at ns:~# nft add set inet filter spamhaus_DROP { type ipv4_addr \; flags
interval \; size 65535 \;}
root at ns:~# nft delete set inet filter spamhaus_DROP
root at ns:~# nft add set inet filter spamhaus_DROP { type ipv4_addr \; flags
interval, timeout \; size 65535 \;}
<cmdline>:1:1-93: Error: Could not process rule: Operation not supported
add set inet filter spamhaus_DROP { type ipv4_addr ; flags interval, timeout ;
size 65535 ;}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
root at ns:~# nft add set inet filter spamhaus_DROP { type ipv4_addr \; flags
timeout \; size 65535 \;}
root at ns:~#
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170826/f0008e8e/attachment.html>
bugzilla-daemon at netfilter.org
2017-Sep-21 08:54 UTC
[Bug 1180] Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
Karel Rericha <karel at unitednetworks.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |karel at unitednetworks.cz
--- Comment #1 from Karel Rericha <karel at unitednetworks.cz> ---
I would say this is intended (and bad, inconsistent) behaviour, elements in set
with flag interval are concatenated if possible (e.g. consequent addresses)
when added in one command, but you cant concatenate them if they have different
timeouts.
Implicit concatenating of elements in sets with flag interval is maybe good for
performance, but bad in many ways. Gonna file a bug for that.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170921/57018049/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jan-28 23:57 UTC
[Bug 1180] Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200128/a94c127d/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-27 03:47 UTC
[Bug 1180] Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugzilla.netfilter.
| |org/show_bug.cgi?id=1454
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200827/be31f595/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 00:23 UTC
[Bug 1180] Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1461
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/e322d0da/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 10:20 UTC
[Bug 1180] Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Timeout support for interval sets is supported since:
commit 8d8540c4f5e03d847c004e71d6a577bf4f8c78cd
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed May 16 22:58:34 2018 +0200
netfilter: nft_set_rbtree: add timeout support
Looking at the bug report, looks like that this was not supported at the time
of the report.
Support for timeout and interval sets is available since Linux kernel >= 4.18
Closing.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/f35411d2/attachment.html>
Apparently Analagous Threads
- [Bug 1184] New: disable implicit concatenating of elements of sets with flag interval
- [Bug 1382] New: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535
- [Bug 1411] New: add elements with counter to dynamic sets with
- [Bug 1185] New: counter flag proposal for sets and maps
- [Bug 1091] New: named set with flag interval: delete multiple items in one command bug